Oracle Fusion Middleware Glossary for Oracle Unified Directory 11g Release 1 (11.1.1)
An object class is a schema element that correlates an OID and a set of names with a set of required and optional attribute types.
The components of an object class definition include:
An OID used to uniquely identify the object class.
A set of zero or more names that can be used to more easily reference the object class.
An optional superior class, which may define additional required and/or optional attribute types.
An optional object class type value that indicates whether the object class is structural, auxiliary, or abstract.
An optional set of one or more attribute type names or OIDs for attributes that must be present in entries containing the object class.
An optional set of one or more attribute type names or OIDs for attributes that may optionally be present in entries containing the object class.
Every entry must have exactly one structural object class, and it may have zero or more auxiliary classes. The complete set of object classes in an entry defines the set of attribute types that are required or allowed to be present. The structural class may also be used to link the entry with a name form, DIT content rule, and/or DIT structure rule.
The set of object classes defined in the server may be determined by retrieving the objectClasses attribute of the subschema subentry. For more information about object classes, see the Understanding Object Classes in Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory document.
An object class type is used to define the category for an object class. There are three object class type values:
A structural object class is used to define the primary type for an entry. Each entry must have exactly one structural class, and it defines the core type of object that the entry represents.
An auxiliary object class is used to define a characteristic of an entry. An entry may have zero or more auxiliary classes. The set of auxiliary classes that an entry may have may be controlled by a DIT content rule that is associated with the entry's structural class.
An abstract object class is not intended to be used directly in entries but should be subclassed by a structural or auxiliary class.
The inheritance model used for LDAP object classes is very similar to the inheritance model for Java classes. Just as an entry must have exactly one structural object class, a Java class must have exactly one superclass. Similarly, while an entry may have multiple auxiliary classes, a Java class may implement multiple interfaces. Finally, it is not possible to instantiate an abstract Java class, just as it is not possible to create an entry containing only an abstract object class.
An object identifier (OID) is a string that comprises a series of integers separated by periods. It is used as a unique identifier for various types of elements in the Directory Server, including:
An operation ID is an integer identifier that is assigned to each operation performed on a client connection. It is used primarily for logging purposes, so that it is possible to correlate a response log message with the corresponding request message.
The first operation performed on a client connection is assigned an operation ID of zero, and it is incremented by one for each additional request received on that client connection.
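The correlation described above, as an added example that is not part of the original glossary or of Oracle's code: responses are paired with requests on the (connection, operation ID) key, because operation IDs restart at zero on every connection. The log lines are constructed, and the `REQ`/`RES conn=N op=N` layout and the helper names are assumptions made for illustration.

```python
import re

# Constructed sample lines; the "REQ/RES conn=N op=N" layout is an assumption.
SAMPLE_LOG = """\
BIND REQ conn=7 op=0 dn="uid=jane.doe,ou=People,dc=example,dc=com"
BIND RES conn=7 op=0 result=0
SEARCH REQ conn=8 op=0 filter="(uid=john.doe)"
SEARCH REQ conn=7 op=1 filter="(|(uid=john.doe)(uid=jane.doe))"
SEARCH RES conn=8 op=0 result=0
SEARCH RES conn=7 op=1 result=0
MODIFY REQ conn=7 op=2 dn="uid=jane.doe,ou=People,dc=example,dc=com"
"""

_LINE = re.compile(r'^(\w+) (REQ|RES) conn=(\d+) op=(\d+)\b(.*)$')

def correlate(log_text):
    """Pair each response with its request using the (conn, op) key."""
    ops = {}
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # not an operation line
        kind, phase, conn, op, rest = m.groups()
        rec = ops.setdefault((int(conn), int(op)),
                             {'type': kind, 'req': None, 'res': None})
        rec[phase.lower()] = rest.strip()
    return ops

def unanswered(ops):
    """Operations that have a request logged but no response yet."""
    return sorted(k for k, r in ops.items()
                  if r['req'] is not None and r['res'] is None)

def gaps(ops):
    """Connections whose operation IDs are not exactly 0, 1, 2, ..."""
    by_conn = {}
    for conn, op in ops:
        by_conn.setdefault(conn, []).append(op)
    return sorted(c for c, ids in by_conn.items()
                  if sorted(ids) != list(range(len(ids))))

if __name__ == '__main__':
    table = correlate(SAMPLE_LOG)
    print('unanswered:', unanswered(table))
    print('connections with gaps:', gaps(table))
```

A gap reported for a connection means the log extract is incomplete for that connection (for example rotated or filtered), so absence of a response there should not be read as a hung operation.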
A user attribute is an attribute type with an attribute usage of directoryOperation, distributedOperation, or dSAOperation. Operational attributes are used for storing information needed for processing by the server itself or for holding any other data maintained by the server that was not explicitly provided by clients.
Operational attributes are not included in entries returned from search operations unless they are explicitly included in the list of search attributes. An explicit value of + (the plus sign) may also be included to request that all operational attributes be returned.
An ordering index is a type of index that is used to keep track of the relative order of values for an attribute. It is very similar to an equality index except that it uses an ordering matching rule instead of an equality matching rule to normalize the values. Ordering indexes may not be maintained for attributes that do not have a corresponding ordering matching rule.
An OR search filter is a type of search filter that is intended to serve as a container that holds zero or more other search filters. In order for an entry to match an OR filter, it must match at least one of the filters contained in that OR filter.
OR filters may be represented as a string by enclosing the entire filter in parentheses and placing a pipe symbol (|) just after the opening parenthesis. For example, a filter of (|(uid=john.doe)(uid=jane.doe)) represents an OR search filter that embeds the (uid=john.doe) and (uid=jane.doe) equality filters.
An OR filter that does not contain any embedded filters is called an LDAP false filter. The string representation for an LDAP false filter is (|), and LDAP false filters will never match any target entry.